TNW Sites

Firefox users were targeted via a browser exploit that was patched last month, after a hacker broke into Mozilla’s bug-tracking system ‘Bugzilla’ to steal data about potential weaknesses.

Mozilla says that the hacker managed to access Bugzilla’s “security-sensitive” information, which unlike the rest of the repository isn’t made publicly available. It says that the compromised account was closed down as soon as it was discovered and that steps are being taken to improve the overall security to avoid a repeat of the situation.

One of those changes is requiring all users who are authorized to access security-sensitive information to change their passwords and use two-factor authentication. There are also new limits being placed on what each level of priviledged user can access, so that if an account is compromised in future, the attacker won’t be able to access as much data.